Can't block facebook

hi, I followed your instructions


, but does not block facebook.con me, some additional suggestions?
regards.

which is using proxy settings? transparent or authenticated?

i use Transparent.

when you try to block https://facebook or other page using https will not. It is better to use the authenticated mode.

using transparent ssl you will have some problems with certificates of banks or other pages where you need to check the certificate of origin and not the firewall

1 Like

so, the best way to use is authenticated mode.

Yes. It is the best way. you will not have problems with SSL certificates from banks.

I’ll try some configurations.
but if i don’t include into the global blacklist, does not blocked facebook.

at this moment my client has shalla lists.
and social networking module has the following domains:


It should work without having it on a global blacklist

1 Like

Do u have 2 profiles default??

Install list and similarly not block facebook.

you should not have that configuration.


default for my not in use

It is recommended to use different profiles and filters. never use same names

http blocked pages are displayed with the message in red, https pages show that not only can open or access

I’ll continue tomorrow.

Have a good night!!!

Regards,

Good night my friend.

Regards

Does your Browser redirect to https://facebook.com? I think the normal configuration of squid is to handle only http-sites. If that is so you have to block https-sites too. I haven’t tested the component in nethserver yet, but I’ve manually configured a squid with squidguard. If you want to block https-sites in transparent mode there is a way, but you have to inform your users about it, because you decrypt their requests inclusive passwords and everything else send through your proxy to the internet.

Of course my friend @m.traeumner

but they should be aware that many use ports 443, failing must block each block ip domain.

Therefore it is recommended to use authenticated mode, and is a good way to keep monitored each user in the proper use of the Internet.

Regards

Any help, configuration tips, any information would be helpful.
Regards

Hi,

Did you read other topics on this forum regarding this subject?
Maybe you can find useful informations.

Gabriel

@Alejandro_Guerra Friend,

if you want to block https pages without affecting pages of banks it is advisable to use authenticated mode

If you search the forums encontras the same question yours and the same answers that you have given.

In particular my customers, I use so authenticated and is easier to monitor internet usage of each user.

Regards.

Use the iptable: (work for me… :smiling_imp: )

iptables -I FORWARD -s 192.168.1.1 -p tcp --dport 443 -m string --string ‘facebook’ --algo bm -j DROP

Or other case, block all and allow some IP connect.
#Block all
iptables -I FORWARD -p tcp --dport 443 -m string --string ‘facebook’ --algo bm -j DROP
#Allow IP
iptables -I FORWARD -s 192.168.1.123 -p tcp --dport 443 -m string --string ‘facebook’ --algo bm -j ACCEPT

This way you keep using the transparent proxy without ssl.

Regards…

Hello Alejandro,
sorry for late Answer. I’ve a Documentation in odt-Format, but I can’t attach it to this post. Do you have a cloud-drive or something else where I can upload it.
Some comments in the Documentation are in German, but everything else is English.